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CLAIMS 

What is claimed is: 

5 1 . A method for routing a packet sent from a user in a system in which the user may 
be connected to multiple networks simultaneously, including: 
extracting a source address from the packet; 

finding a per-user routing table corresponding to said source address, said per-user 
routing table containing entries corresponding to one or more currently accessible 
10 networks for the user and the range of network addresses corresponding to said currently 
accessible networks; 

extracting a destination address from the packet; 

seeking an entry in said matching per-user routing table with a range of network 
addresses containing said destination address; 
15 routing the packet to a matching network if said destination address is contained 

within one of said ranges of network addresses for said currently accessible networks; 
and 

routing the packet to a default network if said destination address is not contained 
within one of said ranges of network addresses for said currendy accessible networks. 

20 

2. The method of claim 1, wherein said matching network is said accessible network 
corresponding to said range of addresses in which said destination address is found. 
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3. The method of claim 1, wherein said default network is the largest accessible 
network. 

4. A method for routing a packet sent from a user in a system in which the user may 
5 be connected to multiple networks simultaneously, including: 

extracting a source address from the packet; 

finding a per-user routing table corresponding to said source address, said per-user 
routing table containing entries corresponding to one or more currently accessible 
networks for the user and the range of network addresses corresponding to said currently 
10 accessible networks; 

extracting a destination address from the packet; 

seeking an entry in said matching per-user routing table with a range of network 
addresses containing said destination address; 

routing the packet to a matching network if said destination address is contained 
15 within one of said ranges of network addresses for said currently accessible networks; 
and 

ignoring said packet and alerting the user to that effect if said destination address 
is not contained within one of said ranges of network addresses for said currently 
accessible networks. 

20 

5. The method of claim 4, wherein said matching network is said accessible network 
corresponding to said range of addresses in which said destination address is found. 
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6. A method for routing a packet sent from a user in a system in which the user may 

be connected to multiple networks simultaneously, said packet having a destination 

network, the method including: 

looking up said destination network in a table, each entry in said table having a 
5 router network address corresponding to each network currently accessible; 

establishing a tunneling session to said matching router network address; and 
forwarding the packet to said router network address through said tunneling 

session. 

10 7. The method of claim 6, wherein said table is contained in a service profile. 

8. A method for routing a packet sent from a user in a system in which the user may 
be connected to multiple networks simultaneously, including: 
extracting a source address from the packet; 
15 finding a per-user routing table corresponding to said source address, said per-user 

routing table containing entries corresponding to one or more accessible networks for the 
user and the range of network addresses corresponding to said currently accessible 
networks; 

extracting a destination address from the packet; 
20 reading the entries of said matching per-user routing table, looking for a range of 

network addresses containing said destination address; 



15 



CISCO-0655 

determining a destination network based upon a matching entry in said per-user 
routing table if said destination address is contained within one of said ranges of network 
addresses for said currently accessible networks; 

routing the packet to a default network if said destination address is not contained 
5 within one of said ranges of network addresses for said currently accessible networks. 

looking up said destination network in a table, each entry in said table having a 
router network address corresponding to each network currently accessible; 

establishing a tunneling session to said corresponding router network address; and 

forwarding the packet to said router network address through said tunneling 
10 session. 

9. The method of claim 8, wherein said destinations network is one of said accessible 
networks corresponding to said range of addresses in which said destination address is 
found. 

15 

10. The method of claim 8, wherein said default network is the largest accessible 
network. 

1 1 . The method of claim 8, wherein said table is contained in a service profile. 

20 

12. A method for routing a packet sent from a user in a system in which the user may 
be connected to multiple networks simultaneously, including: 
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extracting a source address from the packet; 

finding a per-user routing table corresponding to said source address, said per-user 
routing table containing entries corresponding to one or more accessible networks for the 
user and the range of network addresses corresponding to said currently accessible 
5 networks; 

extracting a destination address from the packet; 

reading the entries of said matching per-user routing table, looking for a range of 
network addresses containing said destination address; 

determining a destination network based upon a matching entry in said per-user 
10 routing table if said destination address is contained within one of said ranges of network 
addresses for said currently accessible networks; 

ignoring said packet and alerting the user to that effect if said destination address 
is not contained within one of said ranges of network addresses for said currently 
accessible networks; 

15 looking up said destination network in a table, each entry in said table having a 

router network address corresponding to each network currently accessible; 

establishing a tunneling session to said corresponding router network address; and 
forwarding the packet to said corresponding router network address through said 
tunneling session. 

20 

13. The method of claim 12, wherein said matching network is one of said accessible 
networks corresponding to said range of addresses in which said destination address is 
found. 
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14. The method of claim 12, wherein said table is contained in a service profile. 

15. A gateway for routing a packet sent from a user in a system in which the user may 
be connected to multiple networks simultaneously, including: 

5 a packet source address extractor; 

one or more per-user routing tables, each of said routing tables containing entries 
corresponding to one or more currendy accessible networks for the user and the range of 
network addresses corresponding to said currendy accessible networks; 

a per-user routing table searcher coupled to said packet source address extractor 
10 and coupled to said one or more per-user routing tables; 
a packet destination address extractor; 

a per-user routing table entry seeker coupled to said packet destination address 
extractor and coupled to said per-user routing table searcher; 

a matching network router coupled to said per-user routing table entry seeker if 
15 the destination address of the packet is contained within one of said ranges of network 
addresses for said currently accessible networks; and 

a default network router coupled to said per-user routing table entry seeker if the 
destination address of the packet is not contained within any of said ranges, of network 
addresses for said currendy accessible networks. 

20 

16. The gateway of claim 15, wherein said matching network router is coupled to an 
accessible network corresponding to said range of addresses in which said destination 
address is found. 
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17. The gateway of claim 15, wherein said default network router is coupled to the 
largest accessible network. 

18. A gateway for routing a packet sent from a user in a system in which the user may 
5 be connected to multiple networks simultaneously, including: 

a packet source address extractor; 

one or more per-user routing tables, each of said routing tables containing entries 
corresponding to one or more currently accessible networks for the user and the range of 
network addresses corresponding to said currendy accessible networks; 
10 a per-user routing table searcher coupled to said packet source address extractor 

and coupled to said one or more per-user routing tables; 
a packet destination address extractor; 

a per-user routing table entry seeker coupled to said packet destination address 
extractor and coupled to said per-user routing table searcher; 
15 a matching network router coupled to said per-user routing table entry seeker if the 

destination address of the packet is contained within one of said ranges of network 
addresses for said currendy accessible networks; and 

a user interface, coupled to said per-user routing table if the destination address of 
the packet is not contained within any of said ranges of network addresses for said 
20 currently accessible networks, said user interface adapted to send a message to the user 
indicating that the packet is being ignored by the gateway. 
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19. The gateway of claim 18, wherein said matching network router is coupled to an 
accessible network corresponding to said range of addresses in which said destination 
address is found. 

5 20. A gateway for routing a packet sent from a user in a system in which the user may 
be connected to multiple networks simultaneously, said packet having a destination 
network, the gateway including: 

a table, each entry in said table having a router network address corresponding to 
each network currendy accessible; 
10 a destination network table entry searcher coupled to said table; 

a tunneling session initiator coupled to said destination network table entry 
searcher; and 

a packet forwarder coupled to said tunneling session initiator. 

15 21 . The gateway of claim 20, wherein said table is contained in a service profile. 

22. A gateway for routing a packet sent from a user in a system in which the user may 
be connected to multiple networks simultaneously, including: 
a packet source address extractor; 
20 one or more per-user routing tables, each of said routing tables containing entries 

corresponding to one or more currently accessible networks for the user and the range of 
network addresses corresponding to said currendy accessible networks; 

20 
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a per-user routing table searcher coupled to said packet source address extractor 
and coupled to said one or more per-user routing tables; 
a packet destination address extractor; 

a per-user routing table entry seeker coupled to said packet destination address 
5 extractor and coupled to said per-user routing table searcher; 

a matching network router coupled to said per-user routing table entry seeker if the 
destination address of the packet is contained within one of said ranges of network 
addresses for said curfendy accessible networks; 

a default network router coupled to said per-user routing table entry seeker if the 
10 destination address of the packet is not contained within any of said ranges of network 
addresses for said currently accessible networks; 

a table, each entry in said table having a router network address corresponding to 
each network currently accessible; 

a destination network table entry searcher coupled to said table; 
15 a tunneling session initiator coupled to said destination network table entry 

searcher; and 

a packet forwarder coupled to said tunneling session initiator. 

23. The gateway of claim 22, wherein said matching network router is coupled to an 
20 accessible network corresponding to said range of addresses in which said destination 
address is found. 
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24. The gateway of claim 22, wherein said default network router is coupled to the 
largest accessible network. 



25. The gateway of claim 22, wherein said table is contained in a service profile. 

5 

26. A gateway for routing a packet sent from a user in a system in which the user may 
be connected to multiple networks simultaneously, including: 

a packet source address extractor; 

one or more per-user routing tables, each of said routing tables containing entries 
10 corresponding to one or more currently accessible networks for the user and the range of 
network addresses corresponding to said currendy accessible networks; 

a per-user routing table searcher coupled to said packet source address extractor 
and coupled to said one or more per-user routing tables; 
a packet destination address extractor; 
15 a per-user routing table entry seeker coupled to said packet destination address 

extractor and coupled to said per-user routing table searcher; 

a matching network router coupled to said per-user routing table entry seeker if the 
destination address of the packet is contained within one of said ranges of network 
addresses for said currendy accessible networks; 
20 a user interface, coupled to said per-user routing table if the destination address of 

the packet is not contained within any of said ranges of network addresses for said 
currendy accessible networks, said user interface adapted to send a message to the user 
indicating that the packet is being ignored by the gateway; 
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a table, each entry in said table having a router network address corresponding to 
each network currently accessible; 

a destination network table entry searcher coupled to said table; 
a tunneling session initiator coupled to said destination network table entry 
5 searcher; and 

a packet forwarder coupled to said tunneling session initiator. 

27. The gateway of claim 26, wherein said matching network router is coupled to an 
accessible network corresponding to said range of addresses in which said destination 

10 address is found. 

28. The gateway of claim 26, wherein said table is contained in a service profile. 

29. A program storage device readable by a machine, tangibly embodying a program 
15 of instructions executable by the machine to perform method steps for routing a packet 

sent from a user in a system in which the user may be connected to multiple networks 
simultaneously, said method steps comprising: 

extracting a source address from the packet; 

finding a per-user routing table corresponding to said source address, said per-user 

20 routing table containing entries corresponding to one or more currently accessible 

networks for the user and the range of network addresses corresponding to said currendy 

accessible networks; 

extracting a destination address from the packet; 

23 




seeking an entry in said matching per-user routing table with a range of network 



addresses containing said destination address; 

routing the packet to a matching network if said destination address is contained 
within one of said ranges of network addresses for said currently accessible networks; 
5 and 

routing the packet to a default network if said destination address is not contained 
within one of said ranges of network addresses for said currently accessible networks. 

30. The program storage device of claim 29, wherein said matching network is one of 
10 said accessible networks corresponding to said range of addresses in which said 

destination address is found. 

31. The program storage device of claim 29, wherein said default network is the 
largest accessible network. 



32. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform method steps for routing a packet 
sent from a user in a system in which the user may be connected to multiple networks 
simultaneously, said method steps comprising: 
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extracting a source address from the packet; 




>er-user routing table corresponding to said source address, said per-user 



routing table containingjentries corresponding to one or more^fcurrently accessible 
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networks for the user and the range of network addresses corresponding to said currently 
accessible networks; 

extracting a destination address from the packet; 

^seeking an entry iii^aid matching per-user routing table with a range of network 
5 addresses containing said destination address; 

routing the packet to a matching network if said destination address is contained 
within one of said ranges of network addresses for said currently accessible networks; 
and 

ignoring said packet and alerting the user to that effect if said destination address 
10 is not contained within one of said ranges of network addresses for said currently 
accessible networks. 

33. The program storage device of claim 32, wherein said matching network is one of 
said accessible networks corresponding to said range of addresses in which said 

15 destination address is found. 

34. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform method steps for routing a packet 
sent from a user in a system in which the user may be connected to multiple networks 

20 simultaneously, said packet having a destination network, said method steps comprising: 

looking up said destination network in a table, each entry in said table having a 

router network address corresponding to each network currently accessible; 

establishing a tunneling session to said corresponding router network address; and 
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forwarding the packet to said corresponding router network address through said 
tunneling session. 

35. The program storage device of claim 34, wherein said table is contained in a 
5 service profile. 

36. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform method steps for routing a packet 
sent from a user in a system in which the user may be connected to multiple networks 

10 simultaneously, said method steps comprising: 

extracting a source address from the packet; 

finding a per-user routing table corresponding to said source address, said per-user 
routing table containing entries corresponding to one or more currendy accessible 
networks for the user and the range of network addresses corresponding to said currendy 
15 accessible networks; 

extracting a destination address from the packet; 

reading the entries of said matching per-user routing table, looking for a range of 

network addresses containing said destination address; 

determining a destination network based upon a matching entry in said per-user 

20 routing table if said destination address is contained within one of said ranges of network 

addresses for said currently accessible networks; 

routing the packet to a default network if said destination address is not contained 

within one of said ranges of network addresses for said currendy accessible networks. 

26 



^ _-Z. f j? Q £j g^. £~ w | J srf £? i| jr 1 ! 

CISCO-0655 

looking up said destination network in a table, each entry in said table having a 
router network address corresponding to each network currendy accessible; 

establishing a tunneling session to said corresponding router network address; and 
forwarding the packet to said corresponding router network address through said 
5 tunneling session. 

37. The program storage device of claim 36, wherein said matching network is said 
accessible network corresponding to said range of addresses in which said destination 
address is found. 

10 

38. The program storage device of claim 36, wherein said default network is the 
largest accessible network. 

39. The program storage device of claim 36, wherein said table is contained in a 
15 service profile. 

40. A program storage device readable by a machine, tangibly embodying a program 
of instructions executable by the machine to perform method steps for routing a packet 
sent from a user in a system in which the user may be connected to multiple networks 

20 simultaneously, said method steps including: 

extracting a source address from the packet; 

finding a per-user routing table corresponding to said source address, said per-user 

routing table containing entries corresponding to one or more currently accessible 
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networks for the user and the range of network addresses corresponding to said currently 
accessible networks; 

extracting a destination address from the packet; 

reading the entries of said matching per-user routing table, looking for a range of 
5 network addresses containing said destination address; 

determining a destination network based upon a matching entry in said per-user 
routing table if said destination address is contained within one of said ranges of network 
addresses for said currently accessible networks; 

ignoring said packet and alerting the user to that effect if said destination address 
10 is not contained within one of said ranges of network addresses for said currently 
accessible networks; 

looking up said destination network in a table, each entry in said table having a 
router network address corresponding to each network currently accessible; 

establishing a tunneling session to said corresponding router network address; and 
15 forwarding the packet to said corresponding router network address through said 

tunneling session. 

41. The program storage device of claim 40, wherein said matching network is one of 
said accessible networks corresponding to said range of addresses in which said 

20 destination address is found. 

42. The program storage device of claim 40, wherein said table is contained in a 
service profile. 
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